Attorney General's new war on encrypted web services

How you might be forced to unlock seized packets.

Australia's Attorney-General's department wants new laws to force users and providers of encrypted internet communications services to decode any data intercepted by authorities.

The proposal is buried in a submission (pdf) by the department to a Senate inquiry on revision of the Telecommunications Interception Act.

The Attorney General's submission makes it clear that its proposal is a "preliminary view" that may not align with that of the broader Australian Government, which it says has made "no decision" on any TIA-related revision.

The department argues the rise of over-the-top communications (OTT) makes it more difficult to guarantee that intercepted communications will be in an "intelligible" format. The rising adoption of encryption to thwart mass surveillance attempts is irking authorities.

"Sophisticated criminals and terrorists are exploiting encryption and related counter-interception techniques to frustrate law enforcement and security investigations, either by taking advantage of default-encrypted communications services or by adopting advanced encryption solutions," the submission noted.

Though it does not name its key targets, Yahoo!, Google and Microsoft already enable encryption by default for their respective web-based email services. BlackBerry's messaging encryption has also previously been raised as a law enforcement issue.

Under the department's plan, "law enforcement, anti-corruption and national security agencies … [would be able] to apply to an independent issuing authority for a warrant authorising the agency to issue 'intelligibility assistance notices' to service providers and other persons".

The department argues the obligation on service providers would merely "formalise" existing arrangements. However, forcing individual suspects to unlock encrypted messages would be a new power for authorities.

The department sees the scheme acting in a similar way to section 3LA of the Crimes Act, under which authorities can get a warrant that compels an individual to turn over passwords to seized hard drives.

Under 3LA, the individual is compelled to "'provide any information or assistance that is reasonable and necessary’ to allow information held on the device to be converted into an intelligible form", the department said.

The department isn't specific about what it believes individual users could provide authorities that would aid in making sense of encrypted data from internet communication services.

It appeared to acknowledge that it could not "compel a person to do something which they are not reasonably capable of doing". Users would also not simply be told to turn over unencrypted content to authorities.

However, the department wants failure to comply with a notice to "constitute a criminal offence, consistent with the Crimes Act." It does not suggest what types of penalties it would seek if users did not help unlock their encrypted communications.

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.Your use of this website
constitutes acceptance of nextmedia's Privacy Policy and
Terms & Conditions.